CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On Sharepoint Server And Cloud


Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that the author found in SharePoint.

The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do other nasty things) in real environments, but in the vulnerability research world, you typically find them, report them, and forget about them. So why the author is writing a blog post about an XXE? They have two reasons: 1. It affects SharePoint, both on-prem and cloud instances, which is a nice target. This vulnerability can be exploited by a low-privileged user. 2. This is one of the craziest XXEs that they have ever seen (and found), both in terms of vulnerability discovery and the method of triggering.

Read more…
Source: Zero Day Initiative


Sign up for our Newsletter


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...